测试SQL注入但会导致错误?

这个问题在这里已经有了答案:

  • 来自“Bobby Tables”XKCD漫画的SQL注入是如何工作的? 12个答案

  • $sql="SELECT username from `members` where password = :mypassword";
    
    // Create prepared statement
    $stm = $db->prepare($sql);
    $stm->bindParam(':mypassword', $ans, PDO::PARAM_STR);
    $stm->execute();
    
    echo $stm->fetchColumn();
    
    链接地址: http://www.djcxy.com/p/93823.html

    上一篇: Testing for SQL injection but resulting in error?

    下一篇: Is blocking query commands enough to prevent SQL injection?